Docker EE UCP - How to resolve x509 error when deploying stack?


I have installed and configured UCP with 3 manager nodes behind an external load balancer. There are also 6 worker nodes. I can run the UCP Web UI, but when I try to deploy a stack, I get an error. Deploying a stack via the command line on a manager node also works fine.

Here is my setup screen:

Screenshot of Stack Deploy

docker-compose.yml

version: "3.5"
services:

  nginx:
    image: nginx:1-alpine
    ports:
    - 8000:80

And then I get the following error message within the Web UI "console" output:

error during connect: Get https://<myucp-load-balancer>:443/v1.39/info: x509: certificate signed by unknown authority

Screenshot of error message

I am running on RHEL7 and have trusted the self-signed cert/ca at the system level on ALL nodes in the cluster. Does docker or UCP have its own trust store?

Is there another way to tell UCP to trust the self-signed cert for its own load balancer?


There is 1 best solution below


I found my solution. UCP has to manage SSL. The external load balancer had to be set to passthrough SSL.

Since UCP does all of the auth management, it requires that the SSL certificate be installed in UCP and that the load balancer pass through connections to UCP for SSL termination. You can install the certificate from the UI by logging into UCP as an admin user and going to Admin Settings -> Certificates. The steps are outlined here in the docs: https://docs.docker.com/ee/ucp/admin/configure/use-your-own-tls-certificates/
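
One way to check the setup this answer describes (an added example, not part of the original answer or of Docker's tooling): compare the leaf certificate that clients receive through the load balancer with the one each UCP manager serves directly. The host names are taken from the command line, the function names and verdict strings are hypothetical, and port 443 on the managers is an assumption.

```python
import hashlib
import socket
import ssl
import sys


def leaf_fingerprint(host, port=443, sni=None, timeout=5.0):
    """SHA-256 (hex) of the DER leaf certificate presented at host:port."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before setting CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # inspection only: fetch the cert even if untrusted
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni or host) as tls:
            der = tls.getpeercert(binary_form=True)
    return hashlib.sha256(der).hexdigest()


def classify(lb_fp, manager_fps):
    """Compare the certificate seen through the load balancer with the managers'.

    manager_fps maps manager address -> fingerprint.
    Returns (verdict, sorted list of managers whose certificate matches the LB's).
    """
    matching = sorted(m for m, fp in manager_fps.items() if fp == lb_fp)
    if not matching:
        # Clients receive a certificate that no manager serves:
        # the load balancer is terminating TLS with its own certificate.
        return "lb-presents-own-cert", matching
    if len(matching) < len(manager_fps):
        # Some managers serve a different certificate than the one seen via the LB.
        return "managers-serve-different-certs", matching
    return "consistent-with-passthrough", matching


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: check_ucp_tls.py LB_HOST MANAGER_HOST [MANAGER_HOST ...]")
    lb_host, managers = sys.argv[1], sys.argv[2:]
    lb_fp = leaf_fingerprint(lb_host)
    # Send the load balancer's name as SNI so each manager is asked for the same site.
    fps = {m: leaf_fingerprint(m, sni=lb_host) for m in managers}
    verdict, matching = classify(lb_fp, fps)
    print(f"load balancer {lb_host}: {lb_fp}")
    for m, fp in fps.items():
        print(f"manager {m}: {fp}")
    print(f"verdict: {verdict} (matching managers: {', '.join(matching) or 'none'})")
```

A matching fingerprint is only consistent with passthrough, because a terminating load balancer could have been loaded with the same certificate and key; a mismatch is the conclusive result.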